Security News

How open source software vulnerabilities create risk for organizations
2020-06-08 14:25

Security flaws in open source software have increased and can take a long time to be added to the National Vulnerability Database, says RiskSense. A report released Monday by vulnerability management firm RiskSense describes the impact of security vulnerabilities on OSS. For its report "The Dark Reality of Open Source," RiskSense found that the total number of CVEs in OSS is on the rise, more than doubling to 968 in 2019 from 421 in 2018 and 435 in 2017.

Apple Releases Open Source Password Manager Resources
2020-06-08 14:07

Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers. Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites.

IBM Releases Open Source Toolkits for Processing Data While Encrypted
2020-06-05 15:36

IBM this week announced the availability of open source toolkits that allow for data to be processed while it's still encrypted. The toolkits implement fully homomorphic encryption, which enables the processing of encrypted data without providing access to the actual data.

Cooking up secure code: A foolproof recipe for open source
2020-06-04 05:30

The use of open source code in modern software has become nearly ubiquitous. Open source code is distinct from custom code in that its vulnerabilities - and many exploits for them - are published online, making it a particularly attractive target for malicious actors.

Google Adds GKE Open-Source Dependencies to Vulnerability Rewards Program
2020-05-29 03:42

Google this week announced an expansion for its Vulnerability Rewards Program to include critical open-source dependencies of Google Kubernetes Engine. The announcement builds on the bug bounty program for Kubernetes that the Cloud Native Computing Foundation, in partnership with Google and others, announced earlier this year, and which offers rewards of up to $10,000 for vulnerabilities in the project.

Open source libraries a big source of application security flaws
2020-05-27 10:27

How many vulnerabilities lurk inside the bazillions of open source libraries that today's developers happily borrow to build their applications? Predictably, the answer is a lot, at least according to application security company Veracode which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries used by them.

India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway
2020-05-27 02:59

India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty programme to detect any security issues. The nation has now decided to open the app and run a bug bounty programme.

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
2020-05-25 13:00

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. Most JavaScript applications contain hundreds of open-source libraries - some have more than 1,000 different libraries.

How secure are open source libraries?
2020-05-21 04:30

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, Veracode research reveals. An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies.